Page 1
INSTALLATION AND OPERATION MANUAL
CNGE2FE16MS
MANAGED ETHERNET SWITCH WITH (16) 10/100TX +
(2) CONFIGURABLE 10/100/1000TX / 100/1000FX PORTS
v2.01 Jan 2012
The ComNet™ CNGE2FE16MS Managed Ethernet Switch provides robust transmission
of (16) 10/100 BASE-TX and (2) 10/100/1000TX or 100/1000FX combo ports, of gigabit
Ethernet data. Unlike most Ethernet switches, these environmentally hardened units
are designed for direct deployment in difficult out-of-plant or roadside operating
environments, and are available for use with either conventional CAT-5e copper or
optical transmission media. Diverse media selection allows for easy implementation
of point-to-point, linear add-drop, drop-and-repeat, star, or true self-healing ring and
mesh network system architectures. The 16 electrical ports support the 10/100 Mbps
Ethernet IEEE 802.3 protocol, and auto-negotiating and auto-MDI/ MDIX features are
provided for simplicity and ease of installation. 2 ports are 10/100/1000 configurable
for copper or fiber media for use with multimode or single mode optical fiber, selected
by optional SFP modules. These network managed layer 2 switches are optically
(100/1000 BASE-FX) and electrically compatible with any IEEE 802.3 compliant
Ethernet devices. Plug-and-play design ensures ease of installation, and no electrical
or optical adjustments are ever required. The CNGE2FE16MS incorporates LED
indicators for monitoring the operating status of the managed switch and network.
These units are DIN-rail or wall mountable.
Page 2
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Contents
FCC Warning 3
CE Mark Warning 3
Overview 4
Introduction 4
Features 5
Technical Specifications 6
Packing List 8
Safety Precaution 8
Hardware Description 9
Physical Dimensions 9
LED Indicators 10
Installation 11
RJ-45 Cabling 11
SFP Cabling 15
Grounding the CNGE2FE16MS 17
Wiring the Power Inputs 18
Wiring the P-Fail Alarm Contacts 19
DIN-Rail Mounting 20
Wall Mounting 22
Installation Steps 23
Configuration 24
RS-232 Console 24
Login in the Console Interface 25
SSH 27
Configuring PuTTY 27
Web-Based Management 32
Troubleshooting 105
Appendix A—Command Sets 106
TECh SUPPORT: 1.888.678.9427
X-Ring2 88
Command Level 106
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 2
Page 3
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
FCC Warning
This equipment has been tested and found to comply with the limits for a Class-A digital device,
pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection
against harmful interference in a residential installation. This equipment generates, uses, and can
radiate radio frequency energy. It may cause harmful interference to radio communications if the
equipment is not installed and used in accordance with the instructions. However, there is no
guarantee that interference will not occur in a particular installation. If this equipment does cause
harmful interference to radio or television reception, which can be determined by turning the
equipment off and on, the user is encouraged to try to correct the interference by one or more of
the following measures:
» Reorient or relocate the receiving antenna.
» Increase the separation between the equipment and receiver.
» Connect the equipment into an outlet on a circuit different from that to which the receiver is
connected.
» Consult the dealer or an experienced radio/TV technician for help.
CE Mark Warning
This is a Class-A product. In a domestic environment this product may cause radio interference in
which case the user may be required to take adequate measures.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 3
Page 4
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Overview
Introduction
To create the reliability in your network, the CNGE2FE16MS comes equipped with a proprietary
redundant network protocol, X-Ring II, which provides users with an easy way to establish a
redundant Ethernet network with ultra high-speed recovery time of less than 10ms. Also, the
extended MTBF (Mean Time Between Failures) ensures that the CNGE2FE16MSwill continue to
operate until a Gigabit network infrastructure has been established without requiring any extra
upgrade costs.
The CNGE2FE16MS also comes equipped with 2 Gbps (gigabit) Ethernet combo ports; each
combo port consists of a copper and a SFP sockets. The combo ports can be used for the
application of wideband uploading and especially long distance transmission by connecting the
SFP socket to fit the field request flexibility.
Heavy Duty
Designed with metal housing, the CNGE2FE16MS provides the rugged construction that complies
with IP30 standards.
Dual Power Inputs
The redundant power input design for the CNGE2FE16MS provides a backup power solution.
With both the power inputs supplied, if a failure occurs the other supply will be activated to keep
the system continually operating. When one of the power inputs fails, the P-Fail LED indicator
illuminates and sends an alarm through the relay output as notification.
Flexible Mounting
The CNGE2FE16MS can be mounted on the wall or on a standard DIN rail, so it is suitable for any
space-constrained environment.
Wide Operating Temperature
The operating temperature range of the CNGE2FE16MS is between -40 and +75ºC. With such a
wide range, you can deploy the CNGE2FE16MS in some of the harshest industrial environments.
Easy Troubleshooting
LED indicators make solving any challenges easy. Users can identify the status of the switch by
observing the LED indicators with the definition table.
N-Key Quick Installation
An optional accessory is offered for the CNGE2FE16MS for quick installation especially when you
are planning to do routine tasks. Users can simply plug the accessory known as N-Key into the
console port for system configuration backup/restoration.
INS_CNGE2FE16MS_REV–
TECh SUPPORT: 1.888.678.9427
01/11/12 PAGE 4
Page 5
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Features
» 7.2Gbps back-plane (switching fabric)
» 2 x 1000Base-T/1000Base-FX Combo ports
» Wide-range redundant power
» Power polarity reversal protection
» X-Ring II path redundant supported
» TFTP firmware update and system configuration restoration/backup
» N-Key for configuration restoration/backup (optional)
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 5
Page 6
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Technical Specifications
Communications
Standard IEEE 802.3, 802.3u, 802.3x, 802.3ad
IEEE 802.1d, 802.1p, 802.1Q, 802.1w, 802.1x
LAN 10/100/1000BaseT, 1000BaseFX
Transmission Speed Up to 1000 Mbps
Interface
Ethernet 16 x RJ-45 (10/100TX)
2 x RJ-45/SFP (mini-GBIC) combo ports
(1000T/1000FX)
Console 1 x RJ-45 (RS-232)
Power & Relay Alarm
1 x 6-plug terminal block
Receptacle
LED Indicators System: Power1, Power2, P-Fail, R-Master
10/100BaseTX port: Link/Active, Full duplex/Collision
1000T: Link/Active, Speed
SFP: Link/Activity
Management
Configuration Web browser, serial console, SNMP v1/v2c/v3, Telnet, TFTP, N-Key (optional),
IPv6, SNTP
SNMP MIB RFC 1215 Trap, RFC1213 MIBII, RFC 1157 SNMP MIB, RFC 1493 Bridge MIB,
RFC 2674 VLAN MIB, RFC1643 , RFC 1757, RSTP MIB, LLDP MIB, Private MIB
VLAN IEEE 802.1Q tagged, double-tagged VLAN, GVRP
Redundancy 802.1w/d RSTP/STP
X-Ring II (Recovery time < 10ms)
Security SSL, SSH, DHCP Server with Port-IP binding, IP access security, user
authentication, multi-user login, 802.1X port access control
Traffic Control Port trunking with LACP, rate limit and storm control, IGMP Snooping/Query
for multicast group, multicast filtering, IEEE 802.3x flow control, IEEE 802.1p
QoS
Diagnostics Port mirroring, real-time traffic statistics, MAC address table, system event log,
E-mail alert, SNMP trap, RMON, LLDP/LLDP-MED, DMI for SFP
INS_CNGE2FE16MS_REV–
TECh SUPPORT: 1.888.678.9427
01/11/12 PAGE 6
Page 7
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Power
Power Consumption 10.75 watts max.
Power Input 12 ~ 48 VDC
Mechanical
Dimensions (WxHxD) 72 x 152 x 106.2 mm
Enclosure IP30 protection, aluminum shell
Installation Wall/DIN-rail mounting
Environment
Operating Temperature -40º ~ 75ºC (-40º ~ 167ºF)
Operating Humidity 5% ~ 95% (non-condensing)
Storage Temperature -40º ~ 85ºC (-40º ~ 185ºF)
Storage Humidity 5% ~ 95% (non-condensing)
MTBF 218490 hrs
Certifications
Safety UL, cUL, CE/EN60950-1; (suitable for use in Class I, Division 2, Groups A, B, C,
and D locations)
EMC CE, FCC Class A
CE EN61000-6-2
CE EN61000-6-4
CE EN61000-4-2 (ESD)
CE EN61000-4-3 (RS)
CE EN61000-4-4 (EFT)
CE EN61000-4-5 (Surge)
CE EN61000-4-6 (CS)
CE EN61000-4-8 (Magnetic Field)
Free Fall IEC60068-2-32
Shock IEC61373
Vibration IEC61373
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 7
Page 8
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Packing List
» 1 x CNGE2FE16MS
» 1 x RJ-45 to D-sub 9 female console cable
» 1 x User Manual (CD-ROM)
» 1 x Wall-mount kit
Compare the contents of the CNGE2FE16MS with the standard checklist above. If any item is
damaged or missing, please contact the local dealer for service.
Safety Precaution
Attention If DC voltage is supplied by an external circuit, please use a protection device on
the power supply input.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 8
Page 9
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Hardware Description
This section is intended to introduce the industrial switch’s hardware specification, port, cabling
and wiring information.
Physical Dimensions
Figure 1 illustrates the dimensions 72 × 152 × 106.2mm (W × H × D) for the CNGE2FE16MS.
Figure 1 – Mechanical Dimensions
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 9
Page 10
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
LED Indicators
LED indicators located on the front panel display the power status and network status of the
CNGE2FE16MS. Please Table 1 for further details.
LED Color Description
PWR Green On System power on
Off No power inputs
R.M. Green On The switch is the master device of the X-ring group
Off Non-master device
PWR1 Green On Power input 1 is active
Off Power input 1 is inactive
PWR2 Green On Power input 2 is active
Off Power input 2 is inactive
P-Fail
Red On Power or Ethernet port linking failure occurs
(depends on the Fault
Relay Alarm configuration)
Off No failure occurs
P1 ~ P16 Green On Connected to network
Blinking Data is transmitting or receiving
Off Not connected to network
Amber On Full duplex
Blinking Collision of packets occurs
Off Half duplex or not connected to network
P17, P18
(10/100/1000T)
Green
(Upper LED)
On Connected to network
Blinking Data is transmitting or receiving
Off Not connected to network
Green
On Operating at speed of 1000M
(Lower LED)
Off Disconnected or operating at speed of 10/100M
P17, P18
(100/1000 SFP)
Green On Connected to network
Blinking Data is transmitting or receiving
Off Not connected to network
TECh SUPPORT: 1.888.678.9427
Table 1 – Definition of LED indicators
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 10
Page 11
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Installation
RJ-45 Cabling
Use four twisted-pair, Category 5e or above cabling for the RJ-45 port connection.
The cable between the switch and the link partner (switch, hub, workstation, etc.) must be less
than 100 meters (328 feet) long.
The RJ-45 copper ports will auto-sense for 10Base-T, 100Base-TX, or 1000Base-T connections.
Auto MDI/MDIX means that the switch can connect to another switch or workstation without
changing straight through or crossover cabling.
Pin Number MDI-X Signal Name MDI Signal Name
1 Receive Data plus (RD+) Transmit Data plus (TD+)
2 Receive Data minus (RD-) Transmit Data minus (TD-)
3 Transmit Data plus (TD+) Receive Data plus (RD+)
6 Transmit Data minus (TD-) Receive Data minus (RD-)
Table 2 – 10/100Base-TX Pinouts
Note “+” and “-” signs represent the polarity of the wires that make up each wire pair.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 11
Page 12
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
10/100Base-TX Cable Schema
Figure 2 – Straight Through Cable Schematic
10/100/1000Base-T Pinouts
Pin Signal name Description
1 BI_DA+ Bi-directional pair A+
2 BI_DA- Bi-directional pair A-
3 BI_DB+ Bi-directional pair B+
4 BI_DC+ Bi-directional pair C+
5 BI_DC- Bi-directional pair C-
6 BI_DB- Bi-directional pair B-
7 BI_DD+ Bi-directional pair D+
8 BI_DD- Bi-directional pair D-
Figure 3 – Cross Over Cable Schematic
Table 3 – Gigabit Ethernet RJ-45 pinouts
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 12
Page 13
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
10/100/1000Base-T Cable Schema
The following two figures illustrate the 10/100/1000Base-T cable schema.
Figure 4 – Straight Through Cable Schema
TECh SUPPORT: 1.888.678.9427
Figure 5 – Crossover Cable Schema
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 13
Page 14
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Gigabit Copper/SFP Combo Port
The CNGE2FE16MS is equipped with Gigabit Copper/SFP combo ports. The Gigabit Copper
(10/100/1000T) ports should use Category 5e or above UTP/STP cable for the connection speed
up to 1000Mbps. SFP slots supporting dual mode to toggle the connection speed between 100
and 1000Mbps are used for connecting to the network segment with single or multi-mode fiber
optics. You can choose the appropriate SFP transceiver to plug into the SFP socket with proper
multi-mode or single-mode fiber cable according to that transceiver.
Note The particular SFP/Copper Combo port is deemed to be a single port that either the SFP or
Copper port operates; the SFP and Copper ports cannot both operate at the same time.
The SFP port has the higher priority than the corresponding copper port; if you insert the
1000M SFP transceiver (which has connected a fiber cable between that transceiver and the
remote node) into the SFP port, the connection of the corresponding copper port will link
down.
If you insert the 100M SFP transceiver into the SFP port even without a fiber cable between
that transceiver and the remote node, the connection of the corresponding copper port will
link down immediately.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 14
Page 15
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
SFP Cabling
SFP Connection
To connect the transceiver and the LC cable, please follow the steps shown in Figures 6 – 8.
» First, insert the transceiver into the SFP slot. Notice that the triangle mark indicates the bottom
of the slot.
Figure 6 – Insert transceiver into the SFP slot
Figure 7 –Transceiver Inserted
» Second, insert LC connector of the fiber cable into the transceiver.
TECh SUPPORT: 1.888.678.9427
Figure 8 – LC connector to the transceiver
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 15
Page 16
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
SFP Disconnection
To remove the LC connector from the transceiver, follow the steps showin in Figures 9 and 10.
» First, press down the latches and pull the LC connector out of the transceiver.
Figure 9 – Press down the latches to remove the LC connector
» Second, push down the metal loop and pull out the transceiver by the handle.
Figure 10 – Pull the transceiver out of the slot
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 16
Page 17
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Grounding the CNGE2FE16MS
Follow the instructions below to attach the CNGE2FE16MS to ground.
Attention When installing the CNGE2FE16MS, the ground connection must always be made
first and disconnected last.
» On the top of the CNGE2FE16MS, locate and remove the dome screw that has a ground
symbol beside it.
» Attach the ground wire to the screw hole with the dome screw.
Figure 11 – Top plate of CNGE2FE16MS
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 17
Page 18
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Wiring the Power Inputs
Please follow these steps to connect power lines from the terminal block to the compliant external
DC power source.
» Before wiring, make sure the power source is disconnected.
» Using a wire-stripping tool, remove a short piece of insulation from the output wires of the DC
power source.
» Identify the positive and negative polarity feed positions for the terminal block connection.
See the symbols printed on the panel indicating the polarities and DC input power range in
voltage.
Figure 12 – Plugs for Power 1 & Power 2
» Insert the exposed wires into the terminal block plugs. Only wires with insulation should extend
from the terminal block plugs. Note that the polarities between the wires and the terminal
block plugs must be positive-to-positive and negative-to-negative.
» Use a slotted screwdriver to tighten the captive screws.
Figure 13 Captive Screws for Fixing Wires
Attention: Use Copper Conductors Only, 60/75°C, tightening to 5 lb-in
The wire gauge for the terminal block should be in the range between 12~ 24 AWG.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 18
Page 19
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Wiring the P-Fail Alarm Contacts
The “P-Fail” alarm relay is provided to signal critical error conditions that may occur on the switch.
The contacts are energized upon powering up of the switch and remain energized until a critical
error occurs including power failure, Ethernet port disconnection and MAC violation. Take the
wiring illustration below as an example that illustrates the proper relay connection forming a
normally closed circuit, and the connection is to be broken when an error occurs.
Figure 14 – Terminal Block Plugs for Fault Alarm Contacts
TECh SUPPORT: 1.888.678.9427
24Vdc, 1A
Resistance
Figure 15 – Fault Alarm Wiring Example
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 19
Page 20
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
DIN-Rail Mounting
Assembling the DIN-Rail Clip
The DIN-rail clip is screwed on the CNGE2FE16MS when out of factory. If not, please refer to the
following steps to secure the DIN-rail clip on the switch.
» Use the included screws to secure the DIN-rail clip on the CNGE2FE16MS.
» To remove the DIN-rail clip, remove the screws from the clip to separate it from the unit.
Figure 16 – Rear Side of the Switch
DIN-Rail Clip
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 20
Page 21
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Hanging the Industrial Switch
Follow the steps below to hang the CNGE2FE16MS on the DIN rail.
» First, position the rear side of the switch directly in front of the DIN rail. Make sure the top of
the clip hooks over the top of the DIN rail.
Figure 17 – Positioning DIN-rail clip on the DIN rail
» Push the unit downward.
Figure 18 – Successful installation onto DIN rail
» Check the DIN-Rail clip is tightly affixed on the DIN rail.
» To remove the CNGE2FE16MS from the track, reverse the steps above.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 21
Page 22
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Wall Mounting
To hang the Ethernet switch on the wall, please follow the steps below.
» Remove the DIN-rail clip.
» Prepare the two wall-mount plates and six screws (included).
» Align the screw holes between the wall-mount plates and the unit as the figure illustrated.
» Secure the plates to the unit with the accompanying screws.
Figure 19 – Alignment of CNGE2FE16MS and Wall Mounting Hardware
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 22
Page 23
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Installation Steps
» Unpack the CNGE2FE16MS.
» To hang the CNGE2FE16MS on the wall, please refer to the Wall Mounting section.
» Ground the CNGE2FE16MS.
» To power on the CNGE2FE16MS, please refer to the Wiring the Power Inputs section for further
information on how to wire the power. And then the power LED on the CNGE2FE16MS will light
up. Please refer to the LED Indicators section for indication of LED lights.
» Prepare the appropriate cables for the Ethernet connection.
» The Ethernet port LED on the CNGE2FE16MS will light up when the cable is connected with
the network device. Please refer to the LED Indicators section for LED light indication.
» When all connections are set and LED lights all show in normal, the installation is complete.
Note This equipment is intended for use in a Pollution Degree 2 industrial environment.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 23
Page 24
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Configuration
The CNGE2FE16MS can be configured via RS-232 Console, SSH (Secure Shell) or a web browser.
RS-232 Console
Attach the supplied cable, which one end is D-sub 9 and the other end is RJ-45, to connect the
CNGE2FE16MS and your host PC or terminal. The connected PC or terminal must support the
terminal emulation program.
Figure 20 – Connection Cable
Pin Assignments
Figure 21 – DB 9-pin Female
D-sub 9 Connector RJ-45 Connector
NC 1 Orange/White
2 2 Orange
3 3 Green/White
NC 4 Blue
5 5 Blue/White
NC 6 Green
NC 7 Brown/White
TECh SUPPORT: 1.888.678.9427
NC 8 Brown
Table 4 – Pin Assignments
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 24
Page 25
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Login in the Console Interface
After the connection between Switch and PC is ready, turn on the PC and run a terminal emulation
program like Hyper Terminal and configure its communication parameters to match the following
default characteristics of the console port:
» Baud Rate: 9600 bps
» Data Bits: 8
» Parity: None
» Stop Bit: 1
» Flow control: None
Figure 22 – Communication Parameters
» Having selected the parameter settings, click OK.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 25
Page 26
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» When the blank screen shows up, press Enter to have the login prompt appear. Key in admin
(default value) for both User Name and Password (press Enter to switch between); and then
press Enter to reach the Main Menu of console management.
Figure 23 – Console login interface
The system supports the console management—CLI command. After you log on to the system, you
will see a command prompt. To enter CLI management interface, type in the enable command.
Figure 24 – CLI command interface
For further details about the CLI commands, please refer to Appendix A Command Sets.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 26
Page 27
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
SSH
The Ethernet switch also supports SSH (Secure Shell) which allows the user to log in from a remote
computer over the network.
The next section is intended to guide users on how to use an SSH client—PuTTY to make a
connection to the Ethernet switch.
Configuring PuTTY
Launch PuTTy, and you will see a dialog box that allows you to control everything PuTTY can do.
You do not usually need to change most of the configuration options. To start the simplest kind of
session, please follow the steps below.
» In the Host Name (or IP address) field, enter the Internet host name or IP address of the server
you want to connect to.
» Now select a login session protocol to use, from the Connection type radio buttons. For a
login session, you should always select SSH.
TECh SUPPORT: 1.888.678.9427
Figure 25 – Basic Options for PuTTY
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 27
Page 28
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» Select the Connection4 SSH node of the tree-menu to configure options for controlling SSH
connections.
» Tick the check box labeled Don’t start a shell or command at all.
Figure 26 – Options Controlling SSH Connections
» Select the Connection4 SSH4 Tunnel node of the tree-menu to configure options for
controlling SSH port forwarding.
» Tick the check box labeled Local ports accept connection from other hosts that allows you
to set up local-to-remote port forwards (including dynamic port forwards) in such a way that
machines other than your client PC can connect to the forwarded port.
» Add a new forwarded port to connect to the SSH server and set the type to Local.
TECh SUPPORT: 1.888.678.9427
Figure 27 – Options Controlling SSH Port Forwarding
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 28
Page 29
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» After filling in, select the Add button. And you will see an entry added to the list box.
Figure 28 – Entry of Port Forwarding Added
» You can also save your preferred PuTTY options for a quick connection the next time it is
needed. Just go back to the Session node, and select the Save button with a session name
filled in. When you see the saved session in the list box, the session is saved.
Figure 29 – Saving Sessions
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 29
Page 30
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» To connect to the SSH server, select the session name and select the Open button. And then
you will see a window shows up with prompt message login as: Type guest for both user name
and password.
Figure 30 – Logging-in interface
» Run the cmd command to start the command prompt interface. Type telnet localhost 23 and
press Enter.
Figure 31 – Command Prompt interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 30
Page 31
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» When finished, a telnet session is successfully made using the SSH protocol.
Figure 32 – Console via SSH
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 31
Page 32
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Web-Based Management
This CNGE2FE16MS provides a convenient configuration method via web browser. You can follow
the steps below to access the equipment.
Note Your host PC should be in the same VLAN setting with the CNGE2FE16MS, or the
management will not be configured.
Connect the CNGE2FE16MS to the Ethernet network and your host PC can configure the switch
over the network. Or you can directly connect it to your host PC with a straight-through or
crossover Ethernet cable.
Before using web management, install the CNGE2FE16MS on the network and make sure that any
one of the PCs on the network can connect with the CNGE2FE16MS through the web browser.
The CNGE2FE16MS default values for IP, subnet mask, username and password are as below.
» IP Address: 192.168.10.1
» Subnet Mask: 255.255.255.0
» Default Gateway: 192.168.10.254
» User Name: admin
» Password: admin
Note Do not set “0” for the first segment of the subnet mask and default gateway
(000.xxx.xxx.xxx).
Refresh the web screen if the web could not be displayed while you change the setting.
» Launch Internet Explorer on the PC.
» Type the IP address of the switch in the Address Bar, and then Press Enter.
Figure 33 – Web Address Bar of Browser
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 32
Page 33
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» When the login dialog box appears, type the user name and password in the respective fields.
The default user name and password are the same: admin
» Press Enter or select the OK button, and then the home screen of the web-based management
will appear. You can change user name/password in the User Authentication section.
Figure 34 – Login dialog box
SSL
The CNGE2FE16MS also provides an option for you to connect with your browser via HTTP over
SSL, called HTTPS. The SSL (Secure Socket Layer) protocol allows users to make a secured session
between the browser (client) and the Ethernet switch (server).
You can type the prefix https:// followed by the IP address of the Ethernet switch in the address
bar of the browser. A closed padlock icon will appear next to the address bar, indicating that the
client is successfully connecting to the server via HTTPS.
Figure 35 – Secure Connection
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 33
Page 34
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
On the left side of the main page, you can find the tree menu structure of the Ethernet switch.
Select the “+” symbol to expand a category, and select any one of the hyperlinks to open its
function page.
TECh SUPPORT: 1.888.678.9427
Figure 36 – Web Based Management Home Screen
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 34
Page 35
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
System Information
Here you can view the system information and assign the system name and location to make this
switch more easily identified on your network.
» System Name: Assign the name of the switch. The maximum length is 64 bytes.
» System Description: A read-only field displaying the description of the switch.
» System Location: Assign the switch physical location. The maximum length is 64 bytes.
» System Contact: Enter the name of contact person or department.
» Firmware Version: Displays the switch’s firmware version.
» Kernel Version: Displays the kernel software version.
» MAC Address: Displays the unique hardware address assigned by manufacturer (default).
» Select Apply to have the any configuration changes take effect.
TECh SUPPORT: 1.888.678.9427
Figure 37– System Information interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 35
Page 36
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
IP Configuration
Due to the foreseeable address exhaustion of IPv4, the IP configuration of the Ethernet switch
is designed to provide an interface for users to configure the switch running both IPv4 and IPv6
architecture.
IPv4
The IPv4 tab allows users to configure the switch to receive an IP address from DHCP server
or manually fill in IP Address, Subnet Mask, Gateway and IP addresses of the primary and the
secondary DNS servers.
» DHCP Client: Enable or disable the DHCP client function. When the DHCP Client function is
enabled, the CNGE2FE16MS will be assigned an IP address from the network DHCP server.
The default IP address will be replaced by the assigned IP address on DHCP server. After
users select Apply, a popup dialog informs the user that when the DHCP client is enabled, the
current IP will be lost and the user should find the new IP on the DHCP server
» IP Address: Assign the IP address for the CNGE2FE16MS. With the DHCP Client function
enabled, the switch is configured as a DHCP client and users don’t need to assign the IP
address that is assigned by the DHCP server. The default IP is 192.168.10.1 or the user has to
assign an IP address manually when DHCP Client is disabled.
» Subnet Mask: Assign the subnet mask to the IP address. If the DHCP Client function is
disabled, the user has to assign the subnet mask manually.
» Gateway: Assign the network gateway for the switch. If the DHCP Client function is disabled,
the user has to assign the gateway manually. The default gateway is 192.168.10.254.
» DNS1: The Domain Name Server (DNS) translates domain names into IP addresses. The
domain name is in alphabetic order, which is easy to remember. The Internet is based on IP
addresses. Therefore, every time you use a domain name, a DNS service must translate the
name into the corresponding IP address. For example, the domain name www.net.com might
translate to 192.168.10.1.
» DNS2: The backup for DNS1. When DNS1 cannot function, DNS2 will then replace DNS1.
» When finished, select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 36
Page 37
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Figure 38 – IP configuration—IPv4
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 37
Page 38
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
IPv6
The IPv6 tab mainly features two fields displaying the Ethernet switch’s Global Unicast Address
and Link-Local Address.
» Global Unicast Address: A read-only field. When the CNGE2FE16MS switch is connected to a
network segment whith one or more routers connected, the switch will be assigned an address
known as Global Unicast Address by the router(s). Being assigned the Global Unicast Address,
the CNGE2FE16MS can then have access to different network segments.
» Link-Local Address: A read-only field. Link-Local Address is for use during auto-configuration
and when no any router presents. Being assigned the Link-Local Address, the Ethernet switch
can have access to all hosts on the same local segment to where it belongs.
TECh SUPPORT: 1.888.678.9427
Figure 39 – IP configuration—IPv6
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 38
Page 39
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
DHCP Server
Dynamic Host Configuration Protocol (DHCP) is a protocol for assigning dynamic IP addresses
to devices on a network. With dynamic addressing, a device can have a different IP address
every time it connects to the network. In some systems, the device’s IP address can even change
while it is still connected. DHCP also supports a mix of static and dynamic IP addresses. Dynamic
addressing simplifies network administration because the software keeps track of IP addresses
rather than requires an administrator to manage the task. This means that a new computer can be
easily added to a network without the hassle of manually assigning it a unique IP address.
The system provides the DHCP server function. With the DHCP server function enabled, the
switch can be configured as a DHCP server.
System Configuration
» DHCP Server: This pull-down menu allows you to configure the switch to be the DHCP server
on your local network.
» Low IP Address: Type in an IP address as the beginning of a range of the dynamic IP address.
In Figure 40, for example, 192.168.10.100 is the relatively low IP address of the range.
» High IP Address: Type in an IP address as the beginning of a range of the dynamic IP address.
In Figure 40, for example, 192.168.10.200 is the relatively high IP address of the range.
» Subnet Mask: Type in the subnet mask of the IP configuration.
» Gateway: Type in the IP address of the gateway in your network.
» DNS: Type in the IP address of Domain Name Server in your network.
» Lease Time (sec): The length of time the dynamic IP addresses assigned to clients.
» Select Apply to have the configuration take effect.
Client Entries
TECh SUPPORT: 1.888.678.9427
Figure 40 – DHCP Server—System Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 39
Page 40
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
When the DHCP Server function is enabled, the system will collect the DHCP client information
including the assigned IP address, the MAC address of the client device, the IP assigning type,
states and lease time.
Figure 41 – DHCP Client Entries interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 40
Page 41
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port and IP Bindings
As shown in Figure 42, the switch will assign the IP address to the connected client according
to the Port-IP binding table. The user is allowed to fill each port with one particular IP address.
When the device connects to the port and asks for an IP assignment, the system will assign the IP
address bound with the port to the device.
TECh SUPPORT: 1.888.678.9427
Figure 42 – Port and IP Bindings interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 41
Page 42
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
TFTP
The Trivial File Transfer Protocol (TFTP) server allows the user to update the switch firmware.
Before updating, make sure the TFTP server is ready and the firmware image is located on the
TFTP server.
Update Firmware
» TFTP Server IP Address: Type in the IP address of the TFTP server.
» Firmware File Name: Type in the name of the firmware image file to be updated.
» When finished, select Apply to start updating.
Figure 43 – Update Firmware interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 42
Page 43
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Restore Configuration
You can restore a previous backup configuration from the TFTP server to recover the settings.
Before doing that, you must locate the image file on the TFTP server first for the switch to
download back the flash image.
» TFTP Server IP Address: Type in the IP address of the TFTP server.
» Restore File Name: Type in the correct file name for restoring.
» When finished, select Apply to start configuration restoration.
Figure 44 – Restore Configuration interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 43
Page 44
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Backup Configuration
You can back up the current configuration from flash ROM to the TFTP server for the purpose of
recovering the configuration at another time. It helps avoid wasted time spent configuring the
settings by backing up the entire configuration.
» TFTP Server IP Address: Type in the IP address of the TFTP server.
» Backup File Name: Type in the file name.
» When finished, select Apply to start backing up.
Figure 45 – Backup Configuration interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 44
Page 45
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
System Event Log
This feature allows the user to decide whether to send the system event log, and to select the
mode which the system event log will be sent to: client only, server only, or both client and server.
What kind of event log will be issued to the client/server depends on the selection on the Event
Configuration tab.
System Event Log—Syslog Configuration
» Syslog Client Mode: Select the system log mode—Client Only, Server Only, or Both.
Client Only means the system event log will only be sent to this interface of the switch, but on
the other hand Server Only means the system log will only be sent to the remote system log
server with its IP assigned. If the mode is set in Both, the system event log will be sent to the
remote server and this interface.
» Syslog Server IP Address: When the Syslog Mode item is set as Server Only/Both, the user is
required to assign the system log server IP address to which the log will be sent.
» Select Reload to refresh the event log displaying area.
» Select Clear to clear the displaying area.
» Make sure the selected mode and IP address, if needed, is correct and select Apply to have
the setting take effect.
TECh SUPPORT: 1.888.678.9427
Figure 46 – Syslog Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 45
Page 46
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
System Event Log—SMTP Configuration
Simple Mail Transfer Protocol (SMTP) is the standard for email transmissions across the network.
You can configure the SMTP server IP address, sender mail account, password, and the recipient
email account to which the e-mail alert will send. This page provides the authentication
mechanism including the authentication steps through which the client effectively logs in to the
SMTP server during the process of sending email alert.
» Email Alert: With this function enabled, the user is allowed to configure the detail settings for
sending the e-mail alert to the SMTP server when the events occur.
» SMTP Server IP Address: Assign the mail server IP address (when Email Alert is enabled, this
field will then be available).
» Sender: Type in an alias of the switch in complete email address format,
e.g. switch88@comnet.net, to identify where the e-mail alert comes from.
» Authentication: Select the checkbox to have the mail account, password and confirm password
fields show up. Configure the email account and password for authentication procedures when
this switch logs in to the SMTP server.
» Mail Account: Specify the email, e.g. igoodman@comnet.net, to receive the email alert. It must
be an existing email account on the mail server.
» Password: Type in the password for the email account entered for Mail Account.
» Confirm Password: Enter the password again.
» Rcpt e-mail Address 1 ~ 6: You can specify up to 6 e-mail accounts to receive the email alert.
» Select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
Figure 47 – SMTP Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 46
Page 47
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
System Event Log—Event Configuration
The checkboxes and pull-down menus are not available unless the Syslog Client Mode on the
Syslog Configuration tab and the E-mail Alert on the SMTP Configuration tab are enabled first.
This tab mainly controls whether an event notification is to be sent to the Syslog/SMTP server.
The section labeled System Event Selection controls the event notification including Device Cold
Start, Authentication Failure, and MAC Violation. With the Syslog/SMTP checkbox selected, the
event log/email alert will be sent to the system log server/SMTP server respectively. The section
labeled Port Event Selection sets the trigger conditions for each port, triggering port events (link
up, link down, and both) to be sent to the system log server/SMTP server.
System event selection
There are three event types—Device Cold Start, Authentication Failure, and MAC Violation.
» Device Cold Start: Check the Syslog/SMTP checkboxes respectively to have the system issue
the event log/email alert to the system log/SMTP server when the device executes the cold
start action.
» Authentication Failure: When the SNMP authentication fails, the system will issue the event
log/email alert to the system log/SMTP server respectively.
» MAC Address Violation: If a device whose MAC address is not in the MAC address table
attempts to access the port, the system will issue the event log/email alert to the system log/
SMTP server respectively. (Note that the Security property of the Port Control function also has
to be set at On. See the Port Control section for further details.)
Port event selection
Each drop-down menu has four options—Disable, Link UP, Link Down, and Link UP & Link Down.
» Disable means no event will be sent to the system log/SMTP server.
» Link UP: The system will issue a log message only when the link-up event of the port occurs.
» Link Down: The system will issue a log message only when the link-down event of port occurs.
» Link UP & Link Down: The system will issue a log message at the time when port connection is
link-up and link-down.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 47
Page 48
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
TECh SUPPORT: 1.888.678.9427
Figure 48 – Event Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 48
Page 49
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Fault Relay Alarm
The Fault Relay Alarm function provides Power Failure, Port Link Down/Broken and MAC
Violation detection. Select the checkbox to enable the relay alarming function. Please refer to the
segment of ‘Wiring the Fault Alarm Contacts’ for the external warning device installation.
» Power Failure: With the checkbox selected the relay device inside the CNGE2FE16MS changes
its state and the FAULT LED indicator is on if a power failure occurs.
» Port Link Down/Broken: With the checkbox selected the relay device inside the
CNGE2FE16MS changes its state and the FAULT LED indicator is on if the corresponding ports’
states become link down or broken.
» MAC Violation: With the checkbox selected the relay device inside the CNGE2FE16MS
changes its state and the FAULT LED indicator is on if a MAC address violation event occurs.
TECh SUPPORT: 1.888.678.9427
Figure 49 – Fault Relay Alarm interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 49
Page 50
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
SNTP Configuration
SNTP (Simple Network Time Protocol) is a simplified version of NTP, that is an Internet protocol
used to synchronize the clocks of computers with a selected time reference. Because time usually
just advances, the time on different node stations might be different. With the communicating
programs running on those devices, it would cause time to jump forward and back, an undesirable
effect. Therefore, the CNGE2FE16MS provides comprehensive mechanisms to access national
time and frequency dissemination services, organize the time-synchronization subnet and the local
clock in each participating subnet peer.
Daylight Saving Time (DST) is the convention of advancing clocks so that afternoons have more
daylight and mornings have less. Typically clocks are adjusted forward one hour near the start of
spring and are adjusted backward in autumn.
» SNTP Client: Enable/disable the SNTP function to get the time from the SNTP server.
» Daylight Saving Time: This function is used to enable/disable Daylight Saving Period and
Daylight Saving Offset fields.
» UTC Timezone: Set the location time zone for the switch. Table 5 lists different location time
zones for your reference.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 50
Page 51
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Local Time Zone Conversion from UTC Time at 12:00 UTC
November Time Zone - 1 hour 11 am
Oscar Time Zone -2 hours 10 am
ADT - Atlantic Daylight -3 hours 9 am
AST - Atlantic Standard
-4 hours 8 am
EDT - Eastern Daylight
EST - Eastern Standard
-5 hours 7 am
CDT - Central Daylight
CST - Central Standard
-6 hours 6 am
MDT - Mountain Daylight
MST - Mountain Standard
-7 hours 5 am
PDT - Pacific Daylight
PST - Pacific Standard
-8 hours 4 am
ADT - Alaskan Daylight
ALA - Alaskan Standard -9 hours 3 am
HAW - Hawaiian Standard -10 hours 2 am
Nome, Alaska -11 hours 1 am
CET - Central European
+1 hour 1 pm
FWT - French Winter
MET - Middle European
MEWT - Middle European Winter
SWT - Swedish Winter
EET - Eastern European, USSR Zone 1 +2 hours 2 pm
BT - Baghdad, USSR Zone 2 +3 hours 3 pm
ZP4 - USSR Zone 3 +4 hours 4 pm
ZP5 - USSR Zone 4 +5 hours 5 pm
ZP6 - USSR Zone 5 +6 hours 6 pm
WAST - West Australian Standard +7 hours 7 pm
CCT - China Coast, USSR Zone 7 +8 hours 8 pm
JST - Japan Standard, USSR Zone 8 +9 hours 9 pm
EAST - East Australian Standard GST
+10 hours 10 pm
Guam Standard, USSR Zone 9
IDLE - International Date Line
+12 hours Midnight
NZST - New Zealand Standard
NZT - New Zealand
Table 5 – UTC Time Zones
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 51
Page 52
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» SNTP Server URL: Specify the SNTP server IP address. You can assign a local network time-
server IP address or an internet time-server IP address.
» Switch Timer: When the switch has successfully connected to the SNTP server whose IP
address was assigned in the field of SNTP Server URL, the current coordinated time is
displayed here.
» Daylight Saving Period: Set up the start and end date/time of the daylight saving period.
Please key in the value in the format of ‘YYYYMMDD’ and ‘HH:MM’ (leave a space between
‘YYYYMMDD’ and ‘HH:MM’).
› YYYYMMDD: an eight-digit year/month/day specification.
› HH:MM: a five-digit (including a colon mark) hour/minute specification.
› For example, key in ‘20070701 02:00’ and ‘20071104 02:00’ in the two fields respectively
to represent that DST begins at 2:00 a.m. on March 11, 2007 and ends at 2:00 a.m. on
November 4, 2007.
» Daylight Saving Offset (mins): For non-US and European countries, specify the amount of time
for daylight savings. Please key in the valid figure in the range of minute between 0 and 720,
which means you can set the offset up to 12 hours.
» Synchronization Interval (secs): The Synchronization Interval is used for sending synchronizing
packets periodically. Users can assign the time ranging from 64 to 1024 seconds. A 0 value
displaying by default means that you disabled the auto-synchronized feature in the SNTP client
mode. You can enable the feature by filling the interval range from 64~1024 seconds.
» Select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
Figure 50 – SNTP Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 52
Page 53
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
IP Security
The IP security function allows the user to assign up to 10 specific IP addresses that have
permission to manage the switch through the http and telnet services for securing switch
management. The purpose of giving permission to limited IP addresses is to allow only the
authorized personnel/device to do the management task on the switch.
» IP Security Mode: With this selection item set in the Enable mode, the Enable HTTP Server,
Enable Telnet Server checkboxes and the ten security IP fields will then be available. If not,
those items will appear in grey.
» Enable HTTP Server: With this checkbox selected, Ethernet devices whose IP addresses match
any one of the ten IP addresses in the Security IP table will be given permission to access this
switch via the HTTP service.
» Enable Telnet Server: With this checkbox selected, Ethernet devices whose IP addresses match
any one of the ten IP addresses in the Security IP table will be given permission to access this
switch via the telnet service.
» Security IP 1 ~ 10: The system allows the user to assign up to 10 specific IP addresses for
access security. Only when IP Security Mode is enabled can these 10 IP addresses access and
manage the switch through the HTTP/Telnet services.
» And then, select Apply to have the configuration take effect.
Note Remember to execute the Save Configuration action, otherwise the new configuration will
be lost when the switch powers off.
Figure 51 – IP Security interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 53
Page 54
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
User Authentication
The User Authentication interface allows users to configure different login accounts for security
reasons. The Admin User account is given administrative privileges. If you want others to
access the Ethernet switch with a restricted account, configure the Guest User account for login
authentication.
Admin User
» User Name: The admin user account is admin by default. Type in the User Name field with a
new name as you wish.
» New Password: The password to the admin user account is admin by default. Specify a new
password as you wish.
» Confirm password: Type in the new password again for confirmation.
» When finished, select Apply to have the configuration take effect.
Guest User
» User Name: The guest user account is user by default. Type in the User Name field with a new
name as you wish.
» New Password: The password to the guest user account is user by default. Specify a new
password as you wish.
» Confirm password: Type in the new password again for confirmation.
» When finished, select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
Figure 52 – User Authentication interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 54
Page 55
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
N-Key Transaction
Users can back up or restore configuration from/to the switch via this interface.
» Auto mode: Tick this check box and select Apply to enable the function that with the N-Key
device connected to the RS-232 console port, the switch will automatically load the system
configuration from N-Key when booting up.
» Backup: Make sure N-Key is connected with the RS-232 console port and then select this
button to back up the current configuration from the switch.
» Restore: Make sure N-Key is connected and then select this button to load the system
configuration from N-Key.
Note: After selecting the Backup/Restore button, for the purpose of confirmation, you will see
a dialog box showing up to display the current N-Key information including model name,
firmware version, kernel version, and the last backup time.
TECh SUPPORT: 1.888.678.9427
Figure 53 – N-Key Transaction interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 55
Page 56
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port Statistics
The Port Statistics chart provides the current statistics information that displays the real-time
packet transfer states for each port. The user might use the information to plan and implement the
network, or check and find the problem when a collision or heavy traffic occurs.
» Port: Port number indexed.
» Type: Displays the network media type of the port.
» Link: The states of linking — Up or Down.
» State: Displays port states set by the Port Control interface. When the state is disabled, the
port will not transmit or receive any packet.
» Tx Good Packet: The counts of transmitting good packets via this port.
» Tx Bad Packet: The counts of transmitting bad packets (including undersize [less than 64
bytes], oversize, CRC Align errors, fragments and jabbers packets) via this port.
» Rx Good Packet: The counts of receiving good packets via this port.
» Rx Bad Packet: The counts of receiving good packets (including undersize [less than 64 bytes],
oversize, CRC error, fragments and jabbers) via this port.
» Tx Abort Packet: The counts of aborted packets while transmitting.
» Packet Collision: The counts of packet collision.
» Packet Dropped: The counts of dropped packets.
» Rx Bcast Packet: The counts of broadcast packets.
» Rx Mcast Packet: The counts of multicast packets.
» Select the Clear button to clear the Port Statistics chart of all counts.
TECh SUPPORT: 1.888.678.9427
Figure 54 – Port Statistics interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 56
Page 57
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port Control
In Port Control (See Figure 55) you can configure the parameters of the connection for each port.
» Port: Scroll up/down the scroll bar and select on the port number to choose a particular port
to be configured.
» State: Enable/disable the port. If the port state is set on Disable, the port will not be able to
receive or transmit any packet.
» Negotiation: Options include Auto and Force. With this parameter set on Auto, the speed and
duplex fields display in grey, which means the ports are negotiated automatically. When you
set it on Force, you have to set the speed and duplex mode manually by selecting the pulldown menus of the Speed and Duplex fields.
» Speed: It is available for selecting when the Negotiation field is set on Force. When the
Negotiation field is set on Auto, this field becomes a read-only field displaying in grey.
» Duplex: It is available for selecting when the Negotiation field is set on Force. When the
Negotiation field is set on Auto, this field becomes a read-only field displaying in grey.
» Flow Control: Whether or not the receiving node sends feedback to the sending node is
determined by this item. With this item enabled, if the input data rate of the receiving device
exceeds, the receiving device will send a PAUSE frame that halts the transmission of the sender
for a specified period of time. With this item disabled, the receiving device will drop the
packets it is unable to process.
» Security: When the Security selection is set as On, any access from the device that connects
to this port will be blocked unless the MAC address of the device is included in the static MAC
address table. Keep in mind that the Security item is set as On so that the MAC violation event
log/email alert will then be issued. Further information please review the segments of MAC
Address Table—Static MAC Addresses and System Event Log—Event Configuration.
» Select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 57
Page 58
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
TECh SUPPORT: 1.888.678.9427
Figure 55 – Port Control interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 58
Page 59
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port Trunk
Port-trunking is the combination of several ports or network cables in order to expand the
connection speed beyond the limits of any one single port or network cable. Link Aggregation
Control Protocol (LACP), which is a protocol running on layer 2, provides a standardized means in
accordance with IEEE 802.3ad to bundle several physical ports together to form a single logical
channel. All the ports within the logical channel or so-called logical aggregator work at the same
connection speed and LACP operation requires full-duplex mode.
Aggregator Setting
Please read the instructions below and refer to Figure 66 to make an LACP or non-LACP trunk group.
» System Priority: A value that is used to identify the controlling switch of an LACP link system.
The switch with the lower value has the higher system priority and is selected as the controlling
end, which controls port priorities, of the LACP link system.
» Group ID: There are four trunk groups to be selected. Assign the group ID to the particular
trunk group.
» LACP: Select the pull-down menu to enable/disable LACP for the trunk group. With LACP
enabled, a port that joins an LACP trunk group has to make an agreement with its member
ports first. Please notice that a trunk group, including member ports split between two
switches, has to enable the LACP function of the two switches. When disabled, the trunk group
is a static trunk group. The advantage of having the LACP disabled is that a port joins the trunk
group without any handshaking with its member ports; but member ports won’t know that they
should be aggregated together to form a logic trunk group.
» Work Ports: This field allows the user to type in the total number of active ports up to four.
With a LACP trunk group employed, for example you assign four ports to be the members of a
trunk group whose Work Ports field is set as two the excessive ports will be standby/redundant
ports and can be aggregated instead of working ports that fail. As for the static trunk group
(non-LACP), the number of work ports must equal the total number of the group member
ports.
» The system allows a maximum of four ports to be aggregated in a trunk group. Having
configured the parameters above, highlight the ports in the right list box to join the trunk
group. Select the Add button and the ports highlighted in the right list box will be shifted to
the left list box. To remove unwanted ports, select the ports in the left list box and select the
Remove button.
» When LACP enabled, you can configure LACP Active/Passive states for each member port on
the State Activity tab.
» When finished, select Apply to take the configuration take effect.
» To remove a trunk group, select the Group ID by selecting the pull-down menu labeled as
Group ID and select then select the Delete button.
INS_CNGE2FE16MS_REV–
TECh SUPPORT: 1.888.678.9427
01/11/12 PAGE 59
Page 60
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Figure 56 – Port Trunk—Aggregator Setting interface (four ports are added to the left field with LACP enabled)
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 60
Page 61
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Aggregator Information
LACP Disabled
Having configured the aggregator setting with LACP disabled, you can check the static trunk
group information on the Aggregator Information tab.
Figure 57 – Assigning 2 ports to a trunk group with LACP disabled
Figure 58 – Static Trunking Group Information tab
» Group Key: This is a read-only field that displays the trunk group ID.
» Port Member: This is a read-only field that displays the members of the static trunk group.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 61
Page 62
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
LACP Enabled
Having configured the aggregator setting with LACP enabled, you can check the trunking group
information between two switches on the Aggregator Information tab.
Configuration for Switch 1
» Set System Priority of the trunk group. The field displays 1 by default.
» Select a trunk Group ID by selecting the pull-down menu.
» Enable LACP.
» Include the member ports by highlighting the ports in the right list box and then select the
Add button. Note the number in the Work Ports field changes automatically depending on
how many ports you have selected.
TECh SUPPORT: 1.888.678.9427
Figure 59 – Switch 1 configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 62
Page 63
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Figure 60 – Aggregation Information of Switch 1
» Select the Aggregator Information tab to check the trunked group information as the
illustration shown above after the two switches configured.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 63
Page 64
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Configuration for Switch 2
Figure 61 – Switch 2 Configuration Interface
» Set System Priority of the trunk group. The field displays 1 by default.
» Select a trunk Group ID by selecting the pull-down menu.
» Enable LACP.
» Include the member ports by highlighting the ports in the right list box and then select the
Add button. Note the number in the Work Ports field changes automatically depending on
how many ports you have selected.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 64
Page 65
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Figure 62 – Aggregation Information of Switch 2
» Select the Aggregator Information tab to check the trunked group information as the
illustration shown above after the two switches configured.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 65
Page 66
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
State Activity
Having configured the LACP aggregator on the Aggregator Setting tab, you may want to change
the state activity for the members of the LACP trunk group. You can select/unselect the checkbox
beside the state label. If you remove the select mark of the corresponding port and select the
Apply button, the port state activity will change to Passive.
» Active: The port automatically sends LACP protocol packets.
» Passive: The port does not actively send LACP protocol packets. It responds only if it receives
LACP protocol packets from the opposite device.
Note A link having two passive LACP nodes will not perform dynamic LACP trunk because both
ports are waiting for an LACP protocol packet from the opposite device.
Figure 63 – State Activity of Switch 1
Figure 64 – State Activity of Switch 2
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 66
Page 67
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port Mirroring
Port Mirroring is a method for monitoring of network traffic on switched networks. Traffic through
ports can be monitored by one specific port, which means traffic going in or out the monitored
(source) ports will be duplicated into the mirroring (destination) port.
Figure 65 – Port Mirroring interface
» Destination Port: Select one port to be the destination (mirroring) port for monitoring both
RX and TX traffic coming from the source port. Or, select two ports for monitoring RX traffic
and TX traffic respectively. Users can forward the traffic captured by the mirroring port to the
packet analyzer such as Netxray for further analyses.
» Source Port: Select the checkbox to monitor the corresponding port. All monitored port traffic
will be copied to the mirroring (destination) port. Users can select multiple source ports by
selecting the RX or TX checkboxes.
» When finished, select the Apply button.
INS_CNGE2FE16MS_REV–
TECh SUPPORT: 1.888.678.9427
01/11/12 PAGE 67
Page 68
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Rate Limiting
You can respectively configure the ingress limitation type and ingress/egress rate for each port.
Ingress Limit Frame Type
Select the limit type for ingress frames. Four options are available as follows:
» All
» Broadcast/Multicast/Flooded Unicast
» Broadcast/Multicast
» Broadcast only
The egress rate will limit all types of frame.
Figure 66 – Rate Limiting interface
» Select the Ingress and Egress pull-down menus to select the bandwidth limit.
» When finished, select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 68
Page 69
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
DMI
The DMI (Diagnostic Monitoring Interface) is developed for monitoring temperature, voltage,
current, transmitting power and receiving power for SFP (Mini-GBIC) ports. If the real detected
values, such as temperature, voltage, current etc., of the respective ports reach the threshold
of the connected transceiver, the system will shut down the device or send e-mail to notify the
related staff. The recipients can be specified via the SMTP configuration. Please refer to the
System Event Log—SMTP Configuration section.
Figure 67 – DMI interface
» Port No.: Select the pull-down menu to select a particular SFP port to display its information
and define reaction options.
» Temperature: The fields showing values measured in degrees Celsius. Select the radio button
labeled as Off to shut down the device or the other one labeled as e-mail to send e-mail for
notifications when the port temperature reaches the threshold.
» Voltage: The fields showing values measured in voltages. Select the radio button labeled as
Off to shut down the device or the other one labeled as e-mail to send e-mail for notifications
when the port voltage reaches the threshold.
» Current: The fields showing values measured in milliamperes. Select the radio button
labeled as Off to shut down the device or the other one labeled as e-mail to send e-mail for
notifications when the port current reaches the threshold.
» TX PWR: The fields showing values measured in milliwatts. Select the radio button labeled as
Off to shut down the device or the other one labeled as e-mail to send e-mail for notifications
when the port transmitting power reaches the threshold.
» RX PWR: The fields showing values measured in milliwatts. Select the radio button labeled as
Off to shut down the device or the other one labeled as e-mail to send e-mail for notifications
when the port receiving power reaches the threshold.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 69
Page 70
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
VLAN Configuration
A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain, which allows
you to isolate network traffic. Therefore only the members of the same VLAN will receive traffic
from the ones among the same VLAN. Basically, creating a VLAN on a switch is logically equivalent
of reconnecting a group of network devices to another Layer 2 switch; however, all the network
devices are still plugged into the same switch physically.
This switch supports 802.1Q (tagged-based) VLAN. Please read the following instructions to
configure the appropriate type of VLAN for your need.
Figure 68 – VLAN Configuration interface
802.1Q VLAN
When the VLAN operation mode is set on 802.1Q, all ports on the switch belong to the default
VLAN of VID 1, which means they logically are regarded as members of the same broadcast
domain. The valid VLAN ID is in the range of number between 1 and 4094. The amount of VLAN
groups is up to 256 including the default VLAN that cannot be deleted.
GVRP (GARP VLAN Registration Protocol) is a protocol that facilitates control of VLANs within
a larger network. GVRP conforms to the IEEE 802.1Q specification, which defines a method
of tagging frames with VLAN configuration data. This allows network devices to dynamically
exchange VLAN configuration information with other devices. For example, with GVRP enabled,
the switches are able to automatically exchange the information of their VLAN database.
Therefore, the user needn’t manually configure the link type. The packets belonging to the same
VLAN can communicate across switches.
Each member port of 802.1Q is on either an Access Link (VLAN-tagged) or a Trunk Link (no
VLAN-tagged). All frames on an Access Link carry no VLAN identification. Conversely, all frames
on a Trunk Link are VLAN-tagged. Besides, there is the third mode—Hybrid. A Hybrid Link can
carry both VLAN-tagged frames and untagged frames. A single port is supposed to belong to a
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 70
Page 71
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
particular VLAN group, except it is on a Trunk/Hybrid Link.
The technique of 802.1Q tagging inserts a 4-byte tag, including VLAN ID of the destination port—
PVID, in the frame. With the combination of Access/Trunk/Hybrid Links, the communication across
switches also can make the packet sent through tagged and untagged ports.
This switch supports IEEE 802.1Q-in-Q or IEEE 802.1ad standard developed to break through the
limitation of 802.1Q for multi-VLAN environments where the amount of VLAN may exceeds 4096.
Q-in-Q allows a given Ethernet frame with two VLAN headers inserted, known as doubled-tagged
or stacked VLANs. And therefore, a double-tagged frame is sufficient to accommodate the
amount of VLANs up to 4096 x 4096 = 16777216.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 71
Page 72
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
802.1Q Configuration
Please follow the instructions below to configure the 802.1Q VLAN.
» Select the pull-down menu to select 802.1Q and select Apply to configure the VLAN
Operation Mode on 802.1Q.
» Enable GVRP Protocol: Select this checkbox to enable GVRP protocol. This checkbox is
available while the VLAN Operation Mode is set on 802.1Q.
» Management VLAN ID: Only the VLAN members, whose Untagged VID (PVID) equals to
the value specified in this field, have permission to access the switch. The default value is 0
meaning this limit is not enabled (all members in different VLANs can access this switch).
» After you have configured the three parameters, select the Apply button right beneath this
area to finish creating an 802.1Q VLAN.
Figure 69 – 802.1Q VLAN interface
» On the 802.1Q Configuration tab, select the Port pull-down menu to select a port you want to
configure within the VLAN.
INS_CNGE2FE16MS_REV–
TECh SUPPORT: 1.888.678.9427
01/11/12 PAGE 72
Page 73
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» Link Type: Three options are available. Select the Link Type pull-down menu to select the link type.
» Access Link: A segment that provides the link path for one or more stations to the VLAN-aware
device like switches. An Access Port (untagged port) connecting to the access link has an
untagged VID (also called PVID). After an untagged frame gets into the access port, the switch
inserts a four-byte tag in the frame. The contents of the last 12-bit of the tag is the untagged
VID. When this frame is sent out through any of the access ports of the same PVID, the switch
will remove the tag from the frame to recover it to what it was. Those ports of the same
untagged VID are regarded as the same VLAN group members.
Note: Because the access port doesn’t have an understanding of tagged frame, the field
of Tagged VID is not available.
» Trunk Link: A segment that provides the link path for one or more VLAN-aware devices. A
Trunk Port connecting to the trunk link has an understanding of tagged frame, which is used
for communications across VLANs. Which frames of the specified VIDs will be forwarded
depends on the values filled in the Tagged VID field. Insert a comma between two VIDs.
Note: A trunk port doesn’t insert tags into an untagged frame, and therefore the untagged
VID field is not available.
It’s not necessary to type 1 in the tagged VID field. The trunk port will forward the
frames of VLAN 1.
The trunk port has to be connected to a trunk/hybrid port of the other switch. Both
the tagged VID of the two ports have to be the same.
» Hybrid Link: A segment that consists of Access and Trunk links. The hybrid port has
both the features of the access and trunk ports. A hybrid port has a PVID belonging to a
particular VLAN, and also forwards the specified tagged-frames for the purpose of VLAN
communications between switches.
Note: It’s not necessary to type 1 in the tagged VID field. The hybrid port will forward the
frames of VLAN 1.
The trunk port has to be connected to a trunk/hybrid port of the other switch. Both
the tagged VID of the two ports have to be the same.
» QinQ: With the given port set its link type on QinQ, where frames received will be added a
tag as an outer 802.1Q VLAN header that needs to be specified by users in the Untagged Vid
field next to this pull-down menu. The value(s) specified in the Tagged Vid field show the inner
802.1Q VLAN header(s) that constitute frames with those VLAN headers will be encapsulated.
» Untagged Vid: This field is available when the Link Type pull-down menu is set on Access Link,
Hybrid Link and QinQ. Assign a number in the range between 1 and 4094.
» Tagged Vid: This field is available when the Link Type pull-down menu is set on Trunk Link and
Hybrid Link and QinQ. Assign a number in the range between 1 and 4094.
» Select the Apply button on the tab to have the port configuration take effect.
» And then you can see the link type, untagged VID, and tagged VID information of each port
shown in the table on the screen.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 73
Page 74
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Group Configuration
Edit the existing VLAN Groups.
» Select the Group Configuration tab.
» Select a VLAN group in the list box and select the Edit button.
Figure 70 – Group Configuration interface
» After selecting the Edit button, you can change Group Name and VLAN ID of the selected
VLAN group.
Figure 71 – Group Configuration interface
» When finished, select Apply to have the modification take effect.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 74
Page 75
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Rapid Spanning Tree
The Rapid Spanning Tree Protocol (RSTP) is an evolution of the Spanning Tree Protocol providing
for faster spanning tree convergence after a topology change. The system also supports STP and
will auto-detect the connected device running STP or RSTP.
RSTP System Configuration
This tab allows users to configure parameters for RSTP and displays the spanning tree information
of the root bridge. Refer to Figure 72.
» RSTP Mode: Select the RSTP Mode pull-down menu to enable the RSTP function.
» Priority (0-61440): The switch with the lowest numerical value has the highest priority and will
be selected as the admin device. If the value is changed, users must reboot the switch. Note
the value specified in the Priority field must be a multiple of 4096 according to the protocol
rule.
» Max Age (6-40): Enter the time in seconds between 6 and 40 for which the switch waits to
attempt to save its configuration.
» Hello Time (1-10): Enter the time in seconds between 1 and 10 that controls the switch to send
out the BPDU packet to check current states of RSTP.
» Forward Delay Time (4-30): Enter the time in seconds between 4 and 30 that a port spends
changing from its learning and listening state to the forwarding state.
» When finished, select the Apply button to have the configuration take effect.
Note: Follow the rule below to configure Max Age, Hello Time, and Forward Delay Time
parameters.
2 x (Forward Delay Time value –1) > = Max Age value >= 2 x (Hello Time value +1)
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 75
Page 76
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Root bridge Information
The column fields give the current bridge information for the switch.
» Bridge ID: This field displays the bridge ID by showing the MAC address of this switch.
» Root Priority: This field displays the numerical value indicating bridge priority of the switch.
Generally, the switch with the lowest numerical value in the network is set as the root bridge.
» Root Port: This field indicates which port is connecting to the root bridge. When the switch is
set as the root bridge, the word Root shows here.
» Root Path Cost: This field displays the path cost between the switch’s Root Port and the
designated port of the root bridge. Path cost is a value to each port typically based on rules
described as part of 802.1d. For the root bridge this is zero. For all other bridges, it is the sum
of the port path costs on the least cost path to the root bridge.
» Max Age: Displays the configured aging time of the switch.
» Hello Time: Displays the configured Hello Time.
» Forward Delay: Displays the configured forward delay time.
TECh SUPPORT: 1.888.678.9427
Figure 72 – RSTP System Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 76
Page 77
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port Configuration
This tab (Figure 73) offers the interface for RSTP port configuration where you can assign
parameters to each port. The rapid spanning tree protocol will have the port with the higher
priority in forwarding state and block other ports to make certain that there is no loop in the LAN.
Scroll the list box to select a port for configuration.
» Path Cost: The path cost can be managed. Enter a number in the range of 1 to 200,000,000.
» Priority: Port Priority. Give the value to decide which port is to be blocked by setting its
priority. Enter a number between 0 and 240. The entered value must be a multiple of 16.
» Admin P2P: The rapid state transitions possible within RSTP are dependent upon whether the
port concerned can only be connected to exactly another bridge (i.e. it is served by a point-topoint LAN segment), or can be connected to two or more bridges (i.e. it is served by a shared
medium LAN segment). This function allows the P2P states of the link to be manipulated
administratively. True means the port is regarded as a point-to-point link. False means the port
is regarded as a shared link. Auto means the link type is determined by the auto-negotiation
between the two peers.
» Admin Edge: The port directly connected to an end station is known as an edge port that
won’t create bridging loop in the network. To configure the port as an edge port, set the port
to True state.
» Admin Non STP: Configure whether the port includes the STP mathematic calculation. True
means not to include the STP mathematic calculation. False means the STP mathematic
calculation is included.
» When finished, select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 77
Page 78
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
TECh SUPPORT: 1.888.678.9427
Figure 73 – RSTP Port Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 78
Page 79
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
SNMP Configuration
Simple Network Management Protocol (SNMP) is the protocol developed to manage nodes
(servers, workstations, routers, switches and hubs etc.) on an IP network. SNMP enables network
administrators to manage network performance, find and solve network problems, and plan for
network growth. Network management systems (NMS) learn of problems by receiving traps or
change notices from network devices implementing SNMP.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 79
Page 80
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
System Configuration
This tab allows users to define new community strings and remove the unwanted community
strings for authentication purposes. With adding a new community string, you should also specify
the type of access permission and the agent mode.
» String: Enter the community string in the field as a password for authentication.
» RO: Read only. With this radio button selected, the community string is given the read-only
permission for the MIB objects.
» RW: Read/write. With this radio button selected, the community string is given the read/write
permission for the MIB objects.
» Select Add to finish adding a new community string.
» To remove a specific community string, select the community string shows in the list box and
select Remove. The strings of Public_RO and Private_RW are default strings. You can remove
them but after resetting the switch to default, the two strings show up again.
» Agent Mode: Select one of the radio buttons to choose the SNMP version that the community
string will use. And then select Change to ensure the selected SNMP version mode is changed.
TECh SUPPORT: 1.888.678.9427
Figure 74 – SNMP System Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 80
Page 81
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Trap Configuration
A trap manager is a management station that receives trap messages generated by the switch.
If no trap manager is defined, no traps will be issued. To define a management station as a trap
manager, assign an IP address, enter the SNMP community strings, and select the SNMP trap
version.
» IP Address: Enter the IP address of the trap manager.
» Community: Enter the community string for the trap station.
» Trap Version: Select the SNMP trap version—v1 or v2c.
» When finished, select Add.
» To remove a specific manager station, select the entries listed in the Current Managers field
and select Remove.
TECh SUPPORT: 1.888.678.9427
Figure 75 – Trap Managers interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 81
Page 82
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
SNMPV3 Configuration
This tab allows users to configure the SNMPv3 settings for communications via SNMPv3.
Context Table
Configure the SNMPv3 context table. Assign the context name in the field. Select Apply to add
the context name added or changed.
User Table
Configure the SNMPv3 user table.
» User ID: Type the user name in the field.
» Authentication Password: Assign the authentication password to the user ID.
» Privacy Password: Assign the private password to the user ID.
» Select the Add button to create a new user profile.
» To remove a user profile, select an entry in the Current User Profiles list box and select the
Remove button to remove the unwanted user profile.
Group Table
Configure the SNMPv3 group table.
» Security Name (User ID): Specify the user name that you have set up in the user table.
» Group Name: Type the group name in the field.
» Select the Add button to create a new group name
» To remove a group name, select an entry in the Current Group Content list box and select the
Remove button to remove the unwanted group.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 82
Page 83
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Access Table
Figure 76 – SNMPv3 configuration interface
TECh SUPPORT: 1.888.678.9427
Figure 77 – Configure the SNMPv3 access table
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 83
Page 84
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
» Context Prefix: In this filed type in the prefix letters of the context name that is assigned in the
context table.
» Group Name: Type in the group name that is assigned in the group table.
» Security Level: Select a radio button to determine which security level is assigned to the
group. The options include:
› NoAuthNoPriv: Communications are made without authentication or encryption.
› AuthNoPriv: Communications are made with authentication but without encryption.
› AuthPriv: Communications are made with authentication and encryption.
» Context Match Rule: Select the radio button to determine the context-matching rule. You can
configure it as a complete matching or prefix matching condition.
» Read View Name: Assign permission of reading to a user ID type that exists in the User Table.
» Write View Name: Assign permission of writing to a user ID type that exists in the User Table.
» Notify View Name: Assign permission of notifying a user ID type that exists in the User Table.
» Select Add to create a new access entry.
» Select an entry in the Current Access Tables list box and select Remove to delete the unwanted
access entry.
MIBview Table
Configure the SNMPv3 MIB view table.
» ViewName: Type in a new view name in the field.
» Sub-OID Tree: Type in the Sub OID that allows the view to access the objects of the level.
» Type: Select the radio button to determine the view type – exclude or included.
» Select Add to create a new entry.
» Select Remove to delete the unwanted entry.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 84
Page 85
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
QoS Configuration
In general, traffic on networks is treated as the same priority and delivered equally. With QoS
enabled, users can classify frames or packets into different priorities to ensure specific network
traffic is delivered on a foundation of best-effort. The incoming frames or packets can be sent to
different priority queues for different priority service according to the configured polices.
QoS Policy
Select one of the two radio buttons to determine the QoS policy—an 8-4-2-1 weighted fair
queuing scheme or a strict priority scheme. The 8-4-2-1 weighed fair queuing scheme designed
with four queues to which allocate traffic in the rate of 8:4:2:1. As for the strict priority scheme,
traffic will be identified according to the priority determined.
QoS Policy
Select the QoS policy rule.
» Use an 8,4,2,1 weighted fair queuing scheme: The switch will follow the ratio of 8:4:2:1 to
process priority queues including High, Middle, Low and Lowest. For example, while the
system processing, 1 frame in the lowest queue, 2 frames in the low queue, 4 frames in
the middle queue, and 8 frames in the high queue will be processed at the same time in
accordance with the 8,4,2,1 policy rule.
» Use a strict priority scheme: With this radio button selected, you have to select the pull-down
menu labeled Priority Type.
» Priority Type: Five options Port-based, TOS only, COS only, TOS first, and COS first. Disable
means QoS function is not activated.
» Select Apply to have the configuration take effect.
Figure 78 – QoS Configuration interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 85
Page 86
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port-based Priority
Configure the priority level for each port. Any packet received from a single port is sent to
the Lowest queue by default. This item allows users to change the priority level for each port
respectively.
» Port x: Four priority levels are available – High, Middle, Low, and Lowest.
» Select the Apply button to have the configuration take effect.
CoS Configuration
Configure this item to allocate the identified packet to different queues according to the packet’s
3-bit 802.1p priority classification field that is embedded in the 4-byte 802.1q VLAN tag field.
Before configuring this field, users have to select the Use a strict priority scheme radio button and
set the Priority Type on COS only or COS first.
» Priority: The 3-bit 802.1p priority values range from 0 to 7. Select the pull-down menu to
specify the corresponding queue for the identified COS value (priority) to which the identified
frame will be sent.
» Select the Apply button to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 86
Page 87
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
ToS Configuration
Configure this item to allocate the identified packet to different queues according to the packet’s
6-bit DSCP (Differentiated Service Code Point) value inside the 1-byte ToS (Type of Service) field.
The 6-bit DSCP value defines up to 64 priority values. Therefore, you can assign one of the four
queues to each priority respectively.
» Priority: Select the pull-down menu to specify the corresponding queue for the identified TOS
(DSCP) value to which the identified packet will be sent.
» Select the Apply button to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
Figure 79 – Configure Port-based Priority
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 87
Page 88
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
X-Ring2
X-Ring provides a faster redundant recovery than the Spanning Tree topology. The action is similar
to STP or RSTP, but the algorithms between them are not the same. To configure an X-Ring group,
enable the X-Ring function on each switch whose two ports connecting to the ring group in which
should be assigned as the member ports.
The two switches forming the last segment of a multi-device X-Ring group will automatically be
designated as master switches, between which the connection is called the backup path. Known
as backup ports, the two ports of the backup path will be blocked. Also, the user can identify
whether the switch is the ring master device by checking the LED indicator on the panel of the
switch.
Other switches in the X-Ring group are naturally the working (forwarding) switches and both their
two member ports are working (forwarding) ports. If the failure of network connection occurs,
the backup ports of master switches (ring master devices) will automatically become working
(forwarding) ports to recover from the failure.
X-Ring2 Operation Mode
Select the X-Ring2 Operation Mode pull-down menu to configure the operation mode for X-Ring2
or Disable the X-Ring2 function.
X-Ring2 Configuration
» Ring ID: Specify a number ranging from 0 to 99 for identifying a given ring group.
» 1st Ring Port: One of the two member ports of this switch connecting to the ring group. Use
the pull-down menu to select a port as the first ring port.
» 2nd Ring Port: The other member port of this switch connecting to the ring group. Use the
pull-down menu to select a port as the second ring port.
» 1st Rdn Port: Use the pull-down menu to select a port as the first redundant port.
» 1st Rdn Port ID: Specify a number ranging from 0 to 99 for identifying the first redundant port.
» 2nd Rdn Port: Use the pull-down menu to select a port as the second redundant port.
» 2nd Rdn Port ID: Specify a number ranging from 0 to 99 for identifying the second redundant
port.
» When finished, select the Add button to save the configuration for this Ring ID.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 88
Page 89
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Figure 80 – X-Ring2 Interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 89
Page 90
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Human
X-Ring II Applications
X-Ring II is an enhanced X-Ring mechanism for ComNet industrial switches which eliminates the
need to pre-define the Master Switch as it is in the X-Ring. It protects a network with the most
secure topologies ever. X-Ring II works as a chain of rings to reduce the risk of master switch
failure or link down. X-Ring II is backwards compatible with existing X-Ring topologies in legacy
mode.
Single X-Ring II
Recover Time: 10ms
Maximum switches: 256
Backup masters: 256
Data Collection
Server
Ring
Management
Interface
IP Camera
TECh SUPPORT: 1.888.678.9427
Terminal Server Traffic Signal
Control Equipment
Figure 81 – Single X-Ring II Topology
Field Management
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 90
Page 91
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Human
Coupled X-Ring II
Recover Time: 10ms
Maximum switches: 256
Backup masters: 256
Data Collection
Server
Management
Interface
Ring Ring
TECh SUPPORT: 1.888.678.9427
Terminal ServerIP Camera
Traffic Signal
Control Equipment
Field Management
Figure 82 – Coupled X-Ring II Topology
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 91
Page 92
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Human
Multiple Coupled X-Ring II
Recover Time: 10ms
Maximum switches: 256
Backup masters: 256
Ring
Data Collection
Server
Terminal ServerIP Camera
Traffic Signal
Control Equipment
Field Management
Management
Interface
RingRing Ring
Terminal ServerIP Camera
Traffic Signal
Control Equipment
Field Management
Figure 83 – Multiple Coupled X-Ring II Topology
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 92
Page 93
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Human
Dual Homing X-Ring II
RSTP ring: Recover Time: 10ms X-Ring II: Recover Time: 10ms
Maximum switches: 256 Maximum switches: 50
Backup masters: 256 Backup masters: 50
Data Collection
Server
Ring
Management
Interface
Ring
IP Camera
TECh SUPPORT: 1.888.678.9427
Terminal Server
IP Camera
Terminal Server Traffic Signal
Figure 84 – Dual Homing X-Ring II Topology
Control Equipment
Field Management
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 93
Page 94
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Dual Homing Three X-Ring II
Recover Time: 10ms
Maximum switches: 50
Backup masters: 50
Data Collection
Server
Ring
Human
Management
Interface
Ring
Ring
IP Camera
Terminal Server Traffic Signal
Control Equipment
Figure 85 – Dual Homing Three X-Ring II Topology
Field ManagementTerminal ServerIP Camera
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 94
Page 95
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Legacy_Ring Mode
Setting the X-Ring2 Operation Mode on Legacy-Ring mode means the switch is configured as a
backward compatible device that could only be a non-master switch when joining a legacy X-Ring
group.
» 1st Ring Port: Use the pull-down menu to select a port as the first ring port.
» 2nd Ring Port: Use the pull-down menu to select a port as the second ring port.
» When finished, select the Apply button to have the configuration take effect.
Figure 86 – Legacy-Ring Interface
Note: When the X-Ring function is enabled, the user must disable the RSTP function. The X-Ring
and RSTP functions cannot work simultaneously on a switch.
Remember to execute the Save Configuration action, otherwise the new configuration
will lose when the switch powers off.
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 95
Page 96
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
LLDP Configuration
Link Layer Discovery Protocol (LLDP), a one-way protocol, specified in the IEEE 802.1ab standard
allows stations attached to the same IEEE 802 LAN to advertise their information to neighbors and
store the information received from adjacent stations.
Receivers on the same physical LAN will store the information distributed via LLDP in a standard
Management Information Base (MIB) where the information can be accessed by a Network
Management System (NMS) using a protocol like the Simple Network Management Protocol
(SNMP).
LLDP runs on all 802 media. The protocol runs over the data-link layer only, allowing two systems
running different network layer protocols to learn about each other.
The switch also supports LLDP-MED (Media Endpoint Devices) that is the enhanced standard of
the basic LLDP protocol that is specific to the requirements of Media Endpoint Devices in an IEEE
802 LAN environment. With LLDP-MED employed; the switch can deal with network configuration
and policy, device location, Power over Ethernet management, and inventory management. Media
Endpoint Devices include, but are not limited to, IP phones, IP voice/media gateways, IP media
servers, and IP communications controllers.
» LLDP Protocol: Use the pull-down menu to disable or enable the LLDP function.
» LLDP Interval: Type the value, in seconds, as the interval for the switch to advertise its
information to other nodes.
» Select Apply to have the configuration take effect.
Figure 87 – LLDP Interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 96
Page 97
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
802.1X/Radius
802.1x is an IEEE authentication specification that allows a client to connect to a wireless access
point or wired switch but prevents the client from gaining access to the Internet until it provides
authority, like a user name and password that are verified by a separate server.
System Configuration
After enabling the IEEE 802.1X function, you can configure the parameters of this function.
» IEEE 802.1x Protocol: Use the pull-down menu to Enable or Disable the 802.1x protocol on the
switch.
» Radius Server IP: Assign the RADIUS Server IP address.
» Server Port: Set the UDP destination port for authentication requests to the specified RADIUS
Server.
» Accounting Port: Set the UDP destination port for accounting requests to the specified
RADIUS Server.
» Shared Key: Set an encryption key for using during authentication sessions with the specified
RADIUS server. This key must match the encryption key used on the RADIUS Server.
» NAS, Identifier: Set the identifier for the RADIUS client.
» Select the Apply button to have the configuration take effect.
Figure 88 – 802.1x System Configuration interface
TECh SUPPORT: 1.888.678.9427
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 97
Page 98
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Port Configuration
You can configure the 802.1x authentication state for each port. The state provides Disable,
Accept, Reject, and Authorize.
» Reject: The specified port is required to be held in the unauthorized state.
» Accept: The specified port is required to be held in the authorized state.
» Authorize: The specified port is set to the Authorized or Unauthorized state in accordance with
the outcome of an authentication exchange between the supplicant and the authentication
server.
» Disable: When disabled, the specified port works without complying with 802.1x protocol.
» Select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
Figure 89 – 802.1x Per Port Setting interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 98
Page 99
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
Misc Configuration
» Quiet Period: Set the period that the port does not try to acquire a supplicant.
» TX Period: Set the period the port waits for retransmitting the next EAPOL PDU during an
authentication session.
» Supplicant Timeout: Set the period of time the switch waits for a supplicant response to an
EAP request.
» Server Timeout: Set the period of time the switch waits for a server response to an
authentication request.
» Max Requests: Set the number of authentication that must time-out before authentication fails
and the authentication session ends.
» Reauth Period: Set the period of time the connected clients authenticated to be authenticated
again.
» Select Apply to have the configuration take effect.
TECh SUPPORT: 1.888.678.9427
Figure 90 – 802.1x Misc Configuration interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 99
Page 100
INSTALLATION AND OPERATION MANUAL CNGE2FE16MS
MAC Address Table
Here users can determine whether the incoming traffic passes through the particular ports or is
blocked in accordance with the MAC-address filtering table.
Static MAC Address
Configure the static MAC address tab to make a list in which traffic from devices with the MAC
address included will pass the port. You can add a static MAC address that remains in the switch’s
address table regardless of whether the device is physically connected to the switch. This saves
the switch from having to re-learn a device’s MAC address when the disconnected or powered-off
device is active on the network again. Via this interface, you can add, modify and delete entries of
static MAC address.
Add the Static MAC Address
You can enter up to 256 static MAC addresses in the switch MAC Address Table here.
» MAC Address: Enter entries of MAC address on the port that should permanently forward
traffic, regardless of the device network activity.
» Port No.: Use the pull-down menu to select the port number.
» Select the Add button to finish adding the entry.
» If you want to delete the entry from the table, select the MAC address entry listed in the list
and select the Delete button.
TECh SUPPORT: 1.888.678.9427
Figure 91 – Static MAC Addresses interface
INS_CNGE2FE16MS_REV–
01/11/12 PAGE 100
Loading...